2022-06-DD - ONAP: SECCOM Kohn release security goals

Created by Pawel Pawlak, last modified by Catherine Lefevre on Jun 14, 2022

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Topic Leader(s)

Topic Description

Sharing ONAP SECCOM goals for Kohn release:

Global Requirements and Best Practices
Security PoCs:
- logging req
- code quality
- service mesh
SBOM enablement and maintenance, and packaging
Waiver policy update

Topic Overview

Sharing ONAP SECCOM security goals for incoming ONAP Kohn release and collecting feedback from ONAP community.

Slides & Recording

YouTube

Live Interactive Session

LFN Staff may elect to publish some videos to YouTube. Please indicate here if you do not want your session to be published to YouTube.

Live Session to be recorded for YouTube

Agenda

Global Requirements and Best Practices
Security PoCs:
- logging req
- code quality
- service mesh
SBOM enablement and maintenance, and packaging
Waiver policy update
Summary

Minutes

Review of current Global Requirements/Best Practices/Waivers
Service Mesh POC
SBOM (also discussed in previous session)
Container Signing Notary vs Cosign
5Y Project Review

Action Items

Lots of different wiki pages about ONAP Service Mesh - can we consolidate i.e. Service Mesh POC, ONAP on Service Mesh - Developer Wiki - Confluence, Service Mesh Risk, Analysis - Developer Wiki - Confluence (onap.org), Service Mesh - Developer Wiki - Confluence (onap.org), Service Mesh PoC plan - Developer Wiki - Confluence (onap.org)
Any ONAP project to participate to "Container Signing"?

No labels